CodeAllTheThings

A list of threat sinks used in the manual security source code review for application security


About

The CodeAllTheThings project aims to provide a security methodology for manually reviewing an application codebase and finding security vulnerabilities in its source code, to explain the architecture of application frameworks, and to ease the technical transition to a desired framework, language, or technology.

Goals

By developing and hosting this project, we want to accomplish several things:

  1. Increase developer awareness of where and why security vulnerabilities are actually located.
  2. Train developers and security engineers by providing a codebase security vision.
  3. Show security folks that source code reviews are a much cooler way to learn and find vulnerabilities.

Audience

This project will be a good source of knowledge for developers, application security engineers, penetration testers, and people who are involved in red team activities. The audience of this project is quite broad and will be useful for those who need to develop, review, integrate, and work with the described technologies, programming languages, and frameworks.

Contribution

At the moment the Octal Security team is taking care of most of the project development, but we really need help from the security community. To make this project great, we will need more security researchers and developers contributing to this project. United we are stronger, smarter, and more aware.

If you see that we missed some information in the published methodologies or just want to add a new methodology document, feel free to make a pull request. We will review your work and, if it meets our needs, add it to the repository. If you have contributed to the project, we will be happy to post a message on our social networks announcing that you are part of this project and what you have contributed.

There is an example template of what the methodology page should look like and what we are trying to communicate to the reader. If you are ready to contribute, check out the template page below to understand our needs:

_template

Open Source Agenda is not affiliated with "CodeAllTheThings" Project. README Source: shabarkin/CodeAllTheThings
